package com.vogue.supplymall.account.shiro.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.vogue.supplymall.common.constant.ErrorCode;

public class AdminAuthenticationFiler extends AdminBaseFilter {

	public static final Logger LOGGER_ADMINAUTHENTICATIONFILER = LoggerFactory.getLogger(AdminAuthenticationFiler.class);
	
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
//		HttpServletRequest httpRequest = WebUtils.toHttp(request);
		//OPTIONS 实际是不做业务处理的一次试探访问，因此不对此请求进行业务限制
//		if("OPTIONS".equals(httpRequest.getMethod())) {
//			return true;
//		}
//		String url = httpRequest.getRequestURL().toString();
//		url = url.substring(url.indexOf("/suppliermall"));
		if (isLoginRequest(request, response)) {
			return true;
		} else {
			Subject subject = getSubject(request, response);
			Object obj = subject.getPrincipal();
			if(obj != null) {
				return true;
			}else {
				return false;
			}
		}
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		ajaxResponse(request, response, ErrorCode.NeedCredentials.getCode());
		LOGGER_ADMINAUTHENTICATIONFILER.debug("-------403-------");
		return false;
	}

}
